Nov 30, 2012
Unsafe At Any Speed?
When you think about mobile security, do you focus mainly on the devices employees use? Or maybe you worry most about controlling what data mobile users have access to? If so, you're not alone, judging by the popularity of mobile device management systems. Of more than 300 respondents to the InformationWeek 2013 Mobile Device Management and Security Survey, 82% are using or in the process of deploying or evaluating MDM software. We're not saying devices and data aren't important. That same survey shows a number of respondents consider popular mobile platforms not up to par in terms of providing effective authentication, encryption and management controls. Yet 41% of respondent companies allow mobile access to corporate file servers, and 21% say the same about HR data.
However, we argue that organizations need to take a hard look at the mobile applications that are being created to support customers and partners -- specifically, those situations where IT does not control the device the applications will run on and cannot put the devices under its MDM policies. In some cases, employee-owned devices fall into that bucket. Furthermore, most people want to use apps provided by a number of vendors, so forget mandating that IT be given a special level of control. And yet, each installation of your application represents an extension of your organization's attack surface.
Apps are here to stay, so security teams must adapt. Here's how. (R6121112)